公开(公告)号：US08505106B1

公开(公告)日：2013-08-06

申请号：US12827526

申请日：2010-06-30

申请人： Amit Bhosle ,  Scott G. Carmack ,  Dhanvi Harsha Kapila ,  Shilpi Gupta ,  Mehul Jain ,  Sachin P. Joglekar ,  Ashish Agrawal

发明人： Amit Bhosle ,  Scott G. Carmack ,  Dhanvi Harsha Kapila ,  Shilpi Gupta ,  Mehul Jain ,  Sachin P. Joglekar ,  Ashish Agrawal

IPC分类号： G06F17/30 ,  G06F15/16 ,  H04L9/32

CPC分类号： H04L63/08 ,  H04L9/3213 ,  H04L63/0807 ,  H04L63/1441

摘要： Systems and methods for authenticating a request submitted from a client device through a third party content provider to an electronic entity are described. In one embodiment, a method includes providing a trusted script to the third party content provider, passing a trust token to the third party content provider and to the client device, and, in response to a request submitted from the client device through the third party content provider, validating the trust token associated with the request with the token passed to the client device, and processing the request. The trusted script is configured to create a trusted window on the third party Web page displayed on the client computing device, receive a trust token from the electronic entity through the trusted window, and associate the trust token with requests submitted from the client computing device through the third party content provider to the electronic entity.

公开(公告)号：US08775810B1

公开(公告)日：2014-07-08

申请号：US12570792

申请日：2009-09-30

申请人： Ryan J. Snodgrass ,  Joel C. Hegg ,  Ian T. R. MacLeod ,  Samuel S. Gigliotti ,  Scott G. Carmack

发明人： Ryan J. Snodgrass ,  Joel C. Hegg ,  Ian T. R. MacLeod ,  Samuel S. Gigliotti ,  Scott G. Carmack

IPC分类号： H04L9/32 ,  H04L9/08 ,  H04L9/00 ,  G06F21/62

CPC分类号： H04L9/08 ,  G06F21/45 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/3234 ,  H04L9/3247

摘要： Systems, methods, and computer-readable media provide a requesting device with access to a service. In one implementation, a server stores a token decryption key for validating an encrypted token. The server receives the encrypted token and a digital signature generated using a signature creation key from a client device, and decrypts the token with the token decryption key. The server extracts a signature validation key from the token, and validates the digital signature using the signature validation data. The system provides the client device with access to the service, based on whether the digital signature is validated.

摘要翻译： 系统，方法和计算机可读介质为请求设备提供对服务的访问。 在一个实现中，服务器存储用于验证加密令牌的令牌解密密钥。 服务器接收加密令牌和使用来自客户端设备的签名创建密钥生成的数字签名，并用令牌解密密钥对令牌进行解密。 服务器从令牌中提取签名验证密钥，并使用签名验证数据验证数字签名。 该系统基于数字签名是否被验证，为客户端设备提供对服务的访问。